authorThomas Lenz <tlenz@iaik.tugraz.at>2018-06-06 11:22:25 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2018-06-06 11:22:25 +0200
commitac21c6be50070c34dd20abe07e0f95ff33751804 (patch)
treec844c632a085df1e69c4997b90eaeb4cc03e06e2 /id/server
parent4fa07676d5f2763cc9795c31fd95b1b6959dacb9 (diff)
refactor user whitelist to allow list updates without restarting the IDP
Diffstat (limited to 'id/server')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java27
2 files changed, 27 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 4853a5ab6..5d0580464 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -58,7 +58,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
//check if user's bPK is whitelisted
- if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) {
+ if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) {
Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
Logger.trace("User's bPK: " + pseudonym.getFirst());
throw new MOAIDException("auth.35", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index a300739b3..71bd0f3c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -30,6 +30,7 @@ public class UserWhitelistStore {
@Autowired(required=true) AuthConfiguration authConfig;
private List<String> whitelist = new ArrayList<String>();
+ private String absWhiteListUrl = null;
@PostConstruct
private void initialize() {
@@ -38,7 +39,7 @@ public class UserWhitelistStore {
Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
else {
- String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
+ absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
try {
InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
String whiteListString = IOUtils.toString(new InputStreamReader(is));
@@ -70,4 +71,28 @@ public class UserWhitelistStore {
return whitelist.contains(bPK);
}
+
+ public boolean isUserbPKInWhitelistDynamic(String bPK) {
+ try {
+ if (absWhiteListUrl != null) {
+ InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+ String whiteListString = IOUtils.toString(new InputStreamReader(is));
+ if (whiteListString != null && whiteListString.contains(bPK)) {
+ Logger.trace("Find user with dynamic whitelist check");
+ return true;
+
+ } else {
+ Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+ return isUserbPKInWhitelist(bPK);
+ }
+
+ }
+ } catch (Exception e) {
+ Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+
+ }
+
+ return isUserbPKInWhitelist(bPK);
+ }
+
}
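Review bot: The dynamic check matches by substring — `whiteListString.contains(bPK)` is true whenever the bPK occurs anywhere in the raw file text, including inside a longer entry, a header or a comment line — so it is weaker than the exact `whitelist.contains(bPK)` the static path uses; the content should be parsed into entries the same way initialize() does (that parsing lies outside this hunk) and compared for equality. The FileInputStream opened in the new method is never closed, so every authentication leaks a file descriptor until finalization; try-with-resources fixes that, and the InputStreamReader should name a charset instead of relying on the platform default. Falling back to the list loaded at startup both when the bPK is absent from the file and when reading fails means a bPK removed from the CSV still authenticates until the IDP restarts, which undercuts the commit's stated purpose — presumably the fallback was meant only for I/O failure, and that decision should be made explicitly and the outcome logged above debug level.
```java
public boolean isUserbPKInWhitelistDynamic(String bPK) {
    if (absWhiteListUrl != null) {
        try (InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()))) {
            String whiteListString = IOUtils.toString(new InputStreamReader(is, StandardCharsets.UTF_8));
            // … parse whiteListString into List<String> entries exactly as initialize() does …
            if (entries.contains(bPK)) {
                Logger.trace("Find user with dynamic whitelist check");
                return true;
            }
            Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
            return isUserbPKInWhitelist(bPK);
        } catch (Exception e) {
            Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
        }
    }
    return isUserbPKInWhitelist(bPK);
}
```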